Security researchers from Kaspersky Lab are currently investigating the first Windows-based spreader for the Mirai malware, something that can have huge implications for companies that invested heavily in IoT.

The spreader was apparently built by someone with “more advanced skills” than those that had created the original Mirai malware. This, Kaspersky Lab says, has “worrying implications for the future use and targets of Mirai-based attacks.”

It is richer and more robust than the original Mirai codebase, even though many of its components are “several years old.” Its spreading capabilities are limited, as it can only deliver from an infected Windows host to a vulnerable Linux-powered IoT device. Even that — if it can brute-force a remote telnet.

It was also said that the author is likely Chinese-speaking, more experienced, but probably new to Mirai.

“The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers. The release of the source code for the Zeus banking Trojan in 2011 brought years of problems for the online community — and the release of the Mirai IoT bot source code in 2016 will do the same for the Internet. More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code. A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning,” says Kurt Baumgartner, principal security researcher, Kaspersky Lab.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.